Emergency Vulnerability Bulletin

12/11/21 7:57 PM  |  by RedLegg Blog

LOG4J Remote Code Execution Vulnerability 

Identifier: CVE-2021-44228

Exploit or POC: YES.


Description: CVE-2021-44228 allows an attacker to remotely execute code through the widely used logging library Log4j. All Log4j versions between 2.0 and 2.14.1 are affected. Log4j has been patched, but because Log4j is embedded in other vendors' applications, the update may have to come from those vendors, and in some cases it cannot be applied manually. If the host is running a Java runtime later than 8u121, the exploit will not work, because com.sun.jndi.rmi.object.trustURLCodebase and com.sun.jndi.cosnaming.object.trustURLCodebase are disabled by default.

Mitigation recommendation:

  • Disable JNDI lookup by removing the JndiLookup class file from the log4j-core JAR, then restart the service.
  • If you’re unable to patch, restart with the start parameter ‘log4j2.formatMsgNoLookups’ set to true as a temporary mitigation.
    Example: “java -Dlog4j2.formatMsgNoLookups=true -jar application.jar”
  • Update to the newest version of log4j
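
An added example, not part of the original bulletin and not RedLegg or Apache tooling: a Python check that opens a JAR, WAR or EAR, recurses into bundled archives, and reports each log4j-core copy with its version, whether that version falls in the 2.0 to 2.14.1 range stated above, and whether the JndiLookup class is still present. The entry paths are those of the standard log4j-core JAR; the function names and the sample archive are constructed for illustration.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
AFFECTED = ((2, 0), (2, 14, 1))  # version range stated in the bulletin


def scan_archive(data, label):
    """Findings for each log4j-core copy in a JAR/WAR/EAR, nested archives included."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if POM_PROPS in names or JNDI_CLASS in names:
            props = zf.read(POM_PROPS).decode("utf-8", "replace") if POM_PROPS in names else ""
            m = re.search(r"^version=((\d+(?:\.\d+)*)\S*)", props, re.M)
            parsed = tuple(int(p) for p in m.group(2).split(".")) if m else None
            findings.append({
                "where": label, "version": m.group(1) if m else "unknown",
                "in_affected_range": AFFECTED[0] <= parsed <= AFFECTED[1] if parsed else None,
                "jndi_lookup_present": JNDI_CLASS in names,  # False once the class is removed
            })
        for name in sorted(names):
            if name.lower().endswith((".jar", ".war", ".ear")):
                try:
                    findings += scan_archive(zf.read(name), f"{label}!/{name}")
                except zipfile.BadZipFile:
                    pass  # entry is named like an archive but is not one
    return findings


def make_archive(entries):
    """Build an in-memory archive from {name: bytes}; used for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: a WAR bundling log4j-core 2.14.1 with JndiLookup still inside.
    core = make_archive({POM_PROPS: b"version=2.14.1\n", JNDI_CLASS: b""})
    sample = {"app.war": make_archive({"WEB-INF/lib/log4j-core-2.14.1.jar": core})}
    targets = {p: Path(p).read_bytes() for p in sys.argv[1:]} or sample
    for label, data in targets.items():
        print(*scan_archive(data, label), sep="\n")
```

Pass archive paths as arguments to scan real files; with no arguments it runs on the constructed sample. An `in_affected_range` of `None` means the archive carries the class but no readable version, as with a repackaged JAR.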
